
Re: Restrict ssh logins



On Mon, 2006-06-26 at 18:40 -0400, Eric d'Alibut wrote:
> > AuthorizedKeysFile %u/.ssh/authorized_keys
> >
> > will make sshd look at /home/bob/.ssh/authorized_keys
> > and /home/alice/.ssh/authorized_keys (and it won't find the
> > authorized_keys file from alice, because /home/alice doesn't exist)
> 
> Do we want for the last case:
> 
> AuthorizedKeysFile /home/%u/.ssh/authorized_keys ?

Oh. Yes. You're right. 

AuthorizedKeysFile %u/.ssh/authorized_keys

would result in bob/.ssh/authorized_keys and alice/.ssh/authorized_keys.

But I don't think you want any of these. You mentioned earlier that you
(the friendly system administrator) should be the only one who can add
authorized keys.
That means that you have to create a system-wide authorized_keys file
that is only writable by yourself (like
AuthorizedKeysFile /etc/ssh/authorized_keys).

Best regards,
Lothar
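
An added example, not part of the original message: a Python version of the AuthorizedKeysFile expansion documented in sshd_config(5) (%u is the user name, %h the home directory, and a non-absolute result is taken relative to the home directory), together with a check that only the administrator can change the resulting file. The function names, the `stop` parameter and the sample accounts are assumptions made for illustration.

```python
import os
import stat

def expand_keys_path(pattern, user, home):
    """Expand %u, %h and %% in an AuthorizedKeysFile pattern. Per sshd_config(5),
    a result that is not absolute is taken relative to the user's home."""
    values = {"u": user, "h": home, "%": "%"}
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] == "%" and i + 1 < len(pattern):
            token = pattern[i + 1]
            if token not in values:
                raise ValueError("token not handled here: %" + token)
            out.append(values[token])
            i += 2
        else:
            out.append(pattern[i])
            i += 1
    path = "".join(out)
    return path if path.startswith("/") else os.path.join(home, path)

def who_else_can_write(path, admin_uid=0, stop="/"):
    """List reasons someone other than admin_uid could alter the key file:
    wrong owner or group/other write bits on it or on a parent directory.
    `stop` (hypothetical parameter) is the highest directory inspected."""
    cur, stop = os.path.realpath(path), os.path.realpath(stop)
    problems = []
    while True:
        st = os.stat(cur)
        if st.st_uid != admin_uid:
            problems.append(f"{cur}: owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{cur}: writable by group or others")
        if cur == stop or cur == os.path.dirname(cur):
            return problems
        cur = os.path.dirname(cur)

if __name__ == "__main__":
    # Constructed sample accounts, matching the names used in the thread.
    for pattern in ("%u/.ssh/authorized_keys",
                    "/home/%u/.ssh/authorized_keys",
                    "/etc/ssh/authorized_keys"):
        for user in ("bob", "alice"):
            print(pattern, "->", expand_keys_path(pattern, user, "/home/" + user))
```

An empty list from `who_else_can_write` means the file and every directory above it belong to the administrator and carry no group or other write bit.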


